權限拒絕:打開未從 UID 1000 導出的提供程序
[英]Permission Denial: opening provider that is not exported from UID 1000
原文
2020-01-16 23:26:46
6
2
java/
android/
android-fileprovider/
securityexception/
android-securityexception
問題描述
我使用共享用戶 ID android.uid.system構建了一個簽名應用程序(系統應用程序)。 它包含一個FileProvider ,我需要一個package install intent 。
當我嘗試使用包安裝意圖安裝應用程序時,會發生以下錯誤。
2020-01-16 23:44:48.506 5305-16771/com.google.android.packageinstaller W/InstallStaging: Error staging apk from content URI
java.lang.SecurityException: Permission Denial: opening provider com.example.example.CustomFileProvider from ProcessRecord{5bd7399 5305:com.google.android.packageinstaller/u0a13} (pid=5305, uid=10013) that is not exported from UID 1000
at android.os.Parcel.readException(Parcel.java:2004)
at android.os.Parcel.readException(Parcel.java:1950)
at android.app.IActivityManager$Stub$Proxy.getContentProvider(IActivityManager.java:4758)
at android.app.ActivityThread.acquireProvider(ActivityThread.java:5836)
at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:2526)
at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1780)
at android.content.ContentResolver.openTypedAssetFileDescriptor(ContentResolver.java:1394)
at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:1247)
at android.content.ContentResolver.openInputStream(ContentResolver.java:967)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:167)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:161)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
但是,如果我刪除共享用戶 ID(將其轉換為用戶應用程序而不是系統),則包安裝會起作用。
安卓清單:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.example.example"
android:sharedUserId="android.uid.system">
...
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
提供者路徑:
<?xml version="1.0" encoding="utf-8"?>
<paths>
<external-path name="external_files" path="."/>
<files-path name="files" path="." />
</paths>
包安裝:
private static void OpenNewVersion(String location) {
Intent intent = new Intent("android.intent.action.VIEW");
intent.setDataAndType(getUriFromFile(location), "application/vnd.android.package-archive");
intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);
intent.setFlags(FLAG_ACTIVITY_NEW_TASK);
activity.startActivity(intent);
activity.finish();
}
private static Uri getUriFromFile(String location) {
return CustomFileProvider.getUriForFile(activity, activity.getApplicationContext().getPackageName() + ".provider", new File(location + fileName));
}
自定義文件提供程序:
package com.example.example;
import android.support.v4.content.FileProvider;
public class CustomFileProvider extends FileProvider {}
我不明白為什么我不能將 FileProvider 用作系統應用程序。 有沒有辦法解決這個問題?
2 個解決方案
解決方案1
0 2020-01-20 11:38:29
如果您將AndroidManifest.xml中的導出更改為 true,則FileProvider起作用。
像這樣:
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="true"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
然而,這帶來了巨大的安全風險。 如果您將其更改為 true,則所有其他應用程序都可以在FileProvider情況下使用您的FileProvider 。
所以我決定創建自己的安裝程序。 這樣我就不必使用FileProvider 。
詳細信息:如何在沒有用戶交互的情況下靜默更新 Android 應用
我使用ProgressDialog向用戶顯示安裝進度。
解決方案2
-1 2020-05-15 03:02:09
frameworks\\base\\services\\core\\java\\com\\android\\server\\uri\\UriGrantsManagerService.java
/**
* Check if the targetPkg can be granted permission to access uri by
* the callingUid using the given modeFlags. Throws a security exception
* if callingUid is not allowed to do this. Returns the uid of the target
* if the URI permission grant should be performed; returns -1 if it is not
* needed (for example targetPkg already has permission to access the URI).
* If you already know the uid of the target, you can supply it in
* lastTargetUid else set that to -1.
*/
int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri grantUri,
final int modeFlags, int lastTargetUid) {
if (!Intent.isAccessUriMode(modeFlags)) {
return -1;
}
if (targetPkg != null) {
if (DEBUG) Slog.v(TAG, "Checking grant " + targetPkg + " permission to " + grantUri);
}
final IPackageManager pm = AppGlobals.getPackageManager();
// If this is not a content: uri, we can't do anything with it.
if (!ContentResolver.SCHEME_CONTENT.equals(grantUri.uri.getScheme())) {
if (DEBUG) Slog.v(TAG, "Can't grant URI permission for non-content URI: " + grantUri);
return -1;
}
// Bail early if system is trying to hand out permissions directly; it
// must always grant permissions on behalf of someone explicit.
final int callingAppId = UserHandle.getAppId(callingUid);
if ((callingAppId == SYSTEM_UID) || (callingAppId == ROOT_UID)) {
if ("com.android.settings.files".equals(grantUri.uri.getAuthority())
|| "com.android.settings.module_licenses".equals(grantUri.uri.getAuthority())
) {
// Exempted authority for
// 1. cropping user photos and sharing a generated license html
// file in Settings app
// 2. sharing a generated license html file in TvSettings app
// 3. Sharing module license files from Settings app
} else {
Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
+ " grant to " + grantUri + "; use startActivityAsCaller() instead");
return -1;
}
}
權限拒絕:打開提供程序android.support.v4.content.FileProvider
[英]Permission Denial: opening provider android.support.v4.content.FileProvider
java.lang.SecurityException:權限拒絕:實現內容提供者時打開提供者
[英]java.lang.SecurityException: Permission Denial: opening provider when implement content provider
權限拒絕:重新啟動應用程序時打開提供程序 com.android.providers.media.MediaDocumentsProvider
[英]Permission Denial: opening provider com.android.providers.media.MediaDocumentsProvider when RESTARTING the app
我該如何解決Google Play游戲服務:SecurityException:權限拒絕:打開提供程序?
[英]How I solve Google Play Game Services: SecurityException: Permission Denial: opening provider?
權限拒絕:打開提供程序 com.android.providers.contacts.ContactsProvider2 Read_Contacts 並且我沒有寫權限
[英]Permission Denial: opening provider com.android.providers.contacts.ContactsProvider2 Read_Contacts and I don't have a write permission
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
權限拒絕:開放提供者Adobe Reader
權限拒絕:打開提供程序android.support.v4.content.FileProvider
java.lang.SecurityException:權限拒絕:實現內容提供者時打開提供者
日歷提供程序:Android 8上的權限拒絕
未經許可,不允許從uid中導出服務意圖
權限拒絕:重新啟動應用程序時打開提供程序 com.android.providers.media.MediaDocumentsProvider
我該如何解決Google Play游戲服務:SecurityException:權限拒絕:打開提供程序?
權限拒絕:打開提供程序 com.android.providers.contacts.ContactsProvider2 Read_Contacts 並且我沒有寫權限
自定義內容提供程序和權限拒絕例外
安全異常:權限被拒絕
相關標簽